Secret Server / Delinea Platform and ServiceNow Verification

Validating the Integration

The following are the supported credential types:

  • Windows

  • JDBC

  • SSH

  • SSH PrivateKey

  • SNMPv3

  • SNMP Community

  • JMS

  • VMware

  • Active Directory Account

Testing a Credential

To test a credential:

  1. Go to Discovery Credential > New.

  2. Select a credential type.

  3. Select External Credential Store.

  4. In Credential ID enter the Secret ID.

  5. Select External Credential Store.

  6. Select Delinea in Credential storage vault.

  7. Select Test Credential.

  8. Provide the IP address of the machine you must validate, as configured in Secret Server or the Delinea Platform (for example, Windows Credential).

  9. Select OK.

Validating SNMPv3

In Secret Server, the SNMPv3 template is not a default template. Validation of SNMPv3 credentials therefore depends on mapping each ServiceNow MID Server constant to the Slug field of the SNMPv3 template. With this mapping in place, SNMPv3 credentials validate successfully.

Create the SNMPv3 template in Secret Server as shown below:

Field                      Slug
Username                   Username
Authentication protocol    authentication-protocol
Authentication Key         authentication-key
Privacy protocol           privacy-protocol
Privacy key                privacy-key

Validating the SSH Private Key

To validate SSH Private Key in Secret Server or in the Delinea Platform, use the UNIX Root Account (SSH) or UNIX Account (SSH) template credentials. The SSH Key template can’t be used to validate the SSH Private Key's credential.

Discovery Schedule

Configure a Discovery Schedule and run it against a destination system on which you know the credentials will work for an authenticated scan. See the example below of the configuration against a single system.

Results: (screenshots not available)

Certificate Errors

If you see failures in validating credentials, review the MID Server’s agent log. If you find errors referring to PKIX path failures, the SSL certificate for Secret Server needs to be imported into the Java Keystore for the MID Server agent. See Adding SSL Certificate to MidServer for more details.

PKIX Errors Example Log: (screenshot not available)

Troubleshooting and Debugging

If the Credential Resolver is not working, use the following solutions.

  • External Credential storage ServiceNow instance plugin: After the External Credential storage plugins are added to the ServiceNow instance, the checkbox for the External Credential Store plugin is sometimes not visible on the credentials page (ServiceNow instance > Discovery > Credentials). To solve this problem, wait and refresh at regular intervals.

  • Authentication fails: Check the following if authentication fails.

    • Correct the credentials of a Secret in Secret Server or the Delinea Platform.
    • The user in the configuration file should have View permission under Secret > Sharing in Secret Server.
    • Check the permissions of the Secret Server user that was used in the configuration file. The user should have an Application Account with at least View Launcher Password permission.
    • Check the Secret Server or Delinea Platform ss_or_platform_url and ss_or_platform_auth_str parameters in the config.xml file.

    • Verify the credentials you entered when running the DelineaMidServerSetupUtility jar file.

  • Timeout Exception: If network issues occur, a user might experience a timeout exception. If this happens, check the network, restart the MID Server, and validate it again.

  • Invalid target specified: If the user receives an invalid target specified message during the test, do the following:

    • Check the hostname or the IP address of a Secret in Secret Server or the Delinea Platform.
    • Use the IP address entered while testing the credential. Make sure it is correct and the machine credential is in the Secret Server template.

  • Version Mismatch: If the user has a version mismatch, upgrade MID Server because the ServiceNow instance was upgraded to a higher version.

  • Unable to decrypt the credential: The encrypted string copied from the command prompt to config.xml failed to decrypt.

    • Run the DelineaMidServerSetupUtility jar file on the same server as the MID Server.

    • Ensure tags are copied correctly.

  • Unable to run the DelineaMidServerSetupUtility JAR file:

    Use the "java -version" command to ensure that Java 11 or higher is installed on your machine.

  • Debugging Tips:

    • If the plugin is not working, check the MID Server log files. Check that all settings in the config.xml file are correct.
    • Check the permissions in Secret Server or in the Delinea Platform of the user that is configured in the MID Server config.xml file (MID Server path/agent/config.xml).
    • Check all the details in the Secret (for example, passwords and machine details).
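
A pre-flight check for the config.xml items in the list above (the two ss_or_platform parameters and correctly copied tags), as an added example that is not part of the Delinea documentation or tooling. It assumes the `<parameter name="..." value="..."/>` layout of the MID Server config.xml, an HTTPS vault URL, and an encrypted string that contains no whitespace; all sample values are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REQUIRED = ("ss_or_platform_url", "ss_or_platform_auth_str")

def check_mid_config(xml_text):
    """Return a list of problems found in the text of a MID Server config.xml."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A tag damaged while pasting (lost quote, missing "/>") stops here.
        return [f"config.xml is not well-formed XML: {exc}"]
    problems, values = [], {}
    # Assumed layout: <parameter name="..." value="..."/> elements.
    for el in root.iter("parameter"):
        name = el.get("name")
        if name in REQUIRED:
            if name in values:
                problems.append(f"{name} is defined more than once")
            values[name] = el.get("value") or ""
    for name in REQUIRED:
        if name not in values:
            problems.append(f"{name} is missing")
        elif not values[name].strip():
            problems.append(f"{name} is empty")
    url = values.get("ss_or_platform_url", "").strip()
    if url:
        parsed = urlparse(url)
        if parsed.scheme != "https" or not parsed.hostname:
            problems.append("ss_or_platform_url is not an https:// URL with a host")
    auth = values.get("ss_or_platform_auth_str", "")
    # Assumption: the encrypted string has no whitespace, so any whitespace
    # means it was wrapped or padded when copied from the command prompt.
    # The value itself is never echoed into the report.
    if auth.strip() and any(ch.isspace() for ch in auth):
        problems.append("ss_or_platform_auth_str contains whitespace")
    return problems

# Constructed samples (not real configuration or credentials).
GOOD = """<parameters>
  <parameter name="ss_or_platform_url" value="https://vault.example.com/SecretServer"/>
  <parameter name="ss_or_platform_auth_str" value="RU5DUllQVEVELVBMQUNFSE9MREVS"/>
</parameters>"""
WRAPPED = GOOD.replace("https://", "http://").replace("VEVELV", "VEVE\nLV")
BROKEN = GOOD.replace('REVS"/>', 'REVS">')

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("wrapped", WRAPPED), ("broken", BROKEN)):
        print(label, check_mid_config(text))
```

An empty list means the file passed these structural checks only; whether the string decrypts and the account authenticates is still confirmed with Test Credential.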